You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Mladen Turk (JIRA)" <ji...@apache.org> on 2010/05/24 09:23:23 UTC
[jira] Created: (TS-369) Add safer strlcat, strlcpy functions
instead strncat, strncpy ones
Add safer strlcat, strlcpy functions instead strncat, strncpy ones
------------------------------------------------------------------
Key: TS-369
URL: https://issues.apache.org/jira/browse/TS-369
Project: Traffic Server
Issue Type: Improvement
Components: Core
Reporter: Mladen Turk
Assignee: Mladen Turk
Priority: Minor
Fix For: 2.1.0
Currently we are using strncpy and strncat set of functions and their more secure ink_strncat, ink_strncpy versions that
make the string is NUL terminated.
Since we are mostly operating on stack buffers of known size use BSD str "l" variants that use total length of
destination string as maximum number of chars to copy instead remaining of the string.
This makes code more secure because one doesn't need to subtract already consume buffer
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (TS-369) Add safer strlcat, strlcpy functions
instead strncat, strncpy ones
Posted by "Mladen Turk (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12872991#action_12872991 ]
Mladen Turk commented on TS-369:
--------------------------------
This is from OpenBSD so license is acceptable.
> Add safer strlcat, strlcpy functions instead strncat, strncpy ones
> ------------------------------------------------------------------
>
> Key: TS-369
> URL: https://issues.apache.org/jira/browse/TS-369
> Project: Traffic Server
> Issue Type: Improvement
> Components: Core
> Reporter: Mladen Turk
> Assignee: Mladen Turk
> Priority: Minor
> Fix For: 2.1.1
>
> Attachments: strlfn.patch
>
>
> Currently we are using strncpy and strncat set of functions and their more secure ink_strncat, ink_strncpy versions that
> make the string is NUL terminated.
> Since we are mostly operating on stack buffers of known size use BSD str "l" variants that use total length of
> destination string as maximum number of chars to copy instead remaining of the string.
> This makes code more secure because one doesn't need to subtract already consume buffer
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (TS-369) Add safer strlcat, strlcpy functions
instead strncat, strncpy ones
Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12872838#action_12872838 ]
Leif Hedstrom commented on TS-369:
----------------------------------
Please commit the additions of these new APIs, so we can start transitioning to them. At least then we can "fix" code as we see it, and new code can start using the BSD style APIs.
Btw, are there any "licensing" issues with the implementations of these APIs? Are they from BSD? I don't see any attribution anywhere in the patch? Before committing, please make sure we have the appropriate license, if necessary (if they have their own license, maybe even more the functions out of ink_string.cc, I think the custom at ASF is to not dual-license code unless necessary).
> Add safer strlcat, strlcpy functions instead strncat, strncpy ones
> ------------------------------------------------------------------
>
> Key: TS-369
> URL: https://issues.apache.org/jira/browse/TS-369
> Project: Traffic Server
> Issue Type: Improvement
> Components: Core
> Reporter: Mladen Turk
> Assignee: Mladen Turk
> Priority: Minor
> Fix For: 2.1.1
>
> Attachments: strlfn.patch
>
>
> Currently we are using strncpy and strncat set of functions and their more secure ink_strncat, ink_strncpy versions that
> make the string is NUL terminated.
> Since we are mostly operating on stack buffers of known size use BSD str "l" variants that use total length of
> destination string as maximum number of chars to copy instead remaining of the string.
> This makes code more secure because one doesn't need to subtract already consume buffer
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (TS-369) Add safer strlcat, strlcpy functions
instead strncat, strncpy ones
Posted by "Mladen Turk (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-369?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mladen Turk updated TS-369:
---------------------------
Attachment: strlfn.patch
Patch implementing strlncat for non-BSD platforms and couple of replacements of strncat functions
> Add safer strlcat, strlcpy functions instead strncat, strncpy ones
> ------------------------------------------------------------------
>
> Key: TS-369
> URL: https://issues.apache.org/jira/browse/TS-369
> Project: Traffic Server
> Issue Type: Improvement
> Components: Core
> Reporter: Mladen Turk
> Assignee: Mladen Turk
> Priority: Minor
> Fix For: 2.1.0
>
> Attachments: strlfn.patch
>
>
> Currently we are using strncpy and strncat set of functions and their more secure ink_strncat, ink_strncpy versions that
> make the string is NUL terminated.
> Since we are mostly operating on stack buffers of known size use BSD str "l" variants that use total length of
> destination string as maximum number of chars to copy instead remaining of the string.
> This makes code more secure because one doesn't need to subtract already consume buffer
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (TS-369) Add safer strlcat, strlcpy functions
instead strncat, strncpy ones
Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-369?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom resolved TS-369.
------------------------------
Resolution: Fixed
I'm closing this, please reopen if there is anything finished.
> Add safer strlcat, strlcpy functions instead strncat, strncpy ones
> ------------------------------------------------------------------
>
> Key: TS-369
> URL: https://issues.apache.org/jira/browse/TS-369
> Project: Traffic Server
> Issue Type: Improvement
> Components: Core
> Reporter: Mladen Turk
> Assignee: Mladen Turk
> Priority: Minor
> Fix For: 2.1.2
>
> Attachments: strlfn.patch
>
>
> Currently we are using strncpy and strncat set of functions and their more secure ink_strncat, ink_strncpy versions that
> make the string is NUL terminated.
> Since we are mostly operating on stack buffers of known size use BSD str "l" variants that use total length of
> destination string as maximum number of chars to copy instead remaining of the string.
> This makes code more secure because one doesn't need to subtract already consume buffer
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (TS-369) Add safer strlcat, strlcpy functions
instead strncat, strncpy ones
Posted by "Mladen Turk (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-369?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mladen Turk updated TS-369:
---------------------------
Fix Version/s: 2.1.2
(was: 2.1.1)
Although added in 2.1.1 fully target the 2.1.1
> Add safer strlcat, strlcpy functions instead strncat, strncpy ones
> ------------------------------------------------------------------
>
> Key: TS-369
> URL: https://issues.apache.org/jira/browse/TS-369
> Project: Traffic Server
> Issue Type: Improvement
> Components: Core
> Reporter: Mladen Turk
> Assignee: Mladen Turk
> Priority: Minor
> Fix For: 2.1.2
>
> Attachments: strlfn.patch
>
>
> Currently we are using strncpy and strncat set of functions and their more secure ink_strncat, ink_strncpy versions that
> make the string is NUL terminated.
> Since we are mostly operating on stack buffers of known size use BSD str "l" variants that use total length of
> destination string as maximum number of chars to copy instead remaining of the string.
> This makes code more secure because one doesn't need to subtract already consume buffer
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (TS-369) Add safer strlcat, strlcpy functions
instead strncat, strncpy ones
Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12883985#action_12883985 ]
Leif Hedstrom commented on TS-369:
----------------------------------
Is this complete? If so, please close.
> Add safer strlcat, strlcpy functions instead strncat, strncpy ones
> ------------------------------------------------------------------
>
> Key: TS-369
> URL: https://issues.apache.org/jira/browse/TS-369
> Project: Traffic Server
> Issue Type: Improvement
> Components: Core
> Reporter: Mladen Turk
> Assignee: Mladen Turk
> Priority: Minor
> Fix For: 2.1.2
>
> Attachments: strlfn.patch
>
>
> Currently we are using strncpy and strncat set of functions and their more secure ink_strncat, ink_strncpy versions that
> make the string is NUL terminated.
> Since we are mostly operating on stack buffers of known size use BSD str "l" variants that use total length of
> destination string as maximum number of chars to copy instead remaining of the string.
> This makes code more secure because one doesn't need to subtract already consume buffer
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.